firmware: cs_dsp: Fix OOB memory read access in KUnit test

KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(),
because the source string length was rounded up to the allocation size.

Cc: Simon Trimmer <simont@opensource.cirrus.com>
Cc: Charles Keepax <ckeepax@opensource.cirrus.com>
Cc: Richard Fitzgerald <rf@opensource.cirrus.com>
Cc: patches@opensource.cirrus.com
Cc: stable@vger.kernel.org
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Link: https://patch.msgid.link/20250523102102.1177151-1-perex@perex.cz
Reviewed-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Signed-off-by: Mark Brown <broonie@kernel.org>

diff --git a/drivers/firmware/cirrus/test/cs_dsp_mock_bin.c b/drivers/firmware/cirrus/test/cs_dsp_mock_bin.c
index 80e67474ddb87ea7b891f6f5525b38bd1a38c646..3f8777ee4dc09b8e1efb7c45884ff5732d7afe32 100644 (file)
--- a/drivers/firmware/cirrus/test/cs_dsp_mock_bin.c
+++ b/drivers/firmware/cirrus/test/cs_dsp_mock_bin.c
@@ -96,10 +96,11 @@ static void cs_dsp_mock_bin_add_name_or_info(struct cs_dsp_mock_bin_builder *bui
 
        if (info_len % 4) {
                /* Create a padded string with length a multiple of 4 */
+               size_t copy_len = info_len;
                info_len = round_up(info_len, 4);
                tmp = kunit_kzalloc(builder->test_priv->test, info_len, GFP_KERNEL);
                KUNIT_ASSERT_NOT_ERR_OR_NULL(builder->test_priv->test, tmp);
-               memcpy(tmp, info, info_len);
+               memcpy(tmp, info, copy_len);
                info = tmp;
        }